[Secure-testing-commits] r43024 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Jul 5 21:10:10 UTC 2016
Author: sectracker
Date: 2016-07-05 21:10:10 +0000 (Tue, 05 Jul 2016)
New Revision: 43024
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-05 19:26:32 UTC (rev 43023)
+++ data/CVE/list 2016-07-05 21:10:10 UTC (rev 43024)
@@ -1,4 +1,55 @@
+CVE-2016-6159
+ RESERVED
+CVE-2016-6158
+ RESERVED
+CVE-2016-6157
+ RESERVED
+CVE-2016-6156
+ RESERVED
+CVE-2016-6155
+ RESERVED
+CVE-2016-6154
+ RESERVED
+CVE-2016-6152
+ RESERVED
+CVE-2016-6151
+ RESERVED
+CVE-2016-6150
+ RESERVED
+CVE-2016-6149
+ RESERVED
+CVE-2016-6148
+ RESERVED
+CVE-2016-6147
+ RESERVED
+CVE-2016-6146
+ RESERVED
+CVE-2016-6145
+ RESERVED
+CVE-2016-6144
+ RESERVED
+CVE-2016-6143
+ RESERVED
+CVE-2016-6142
+ RESERVED
+CVE-2016-6141
+ RESERVED
+CVE-2016-6140
+ RESERVED
+CVE-2016-6139
+ RESERVED
+CVE-2016-6138
+ RESERVED
+CVE-2016-6137
+ RESERVED
+CVE-2016-6136
+ RESERVED
+CVE-2016-6135
+ RESERVED
+CVE-2016-6134
+ RESERVED
CVE-2016-1000007
+ RESERVED
- pagure <itp> (bug #829046)
NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
TODO: check if this CVE is correct
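Review bot: the RESERVED block from CVE-2016-6159 down to CVE-2016-6134 skips CVE-2016-6153, which is correct rather than an omission, because that ID already has its own entry (the SQLite tempdir issue) further down this file. The `+ RESERVED` line placed under CVE-2016-1000007 sits above an existing package assignment and an open `TODO: check if this CVE is correct`; the TODO should stay open until the ID is confirmed, since an automatic RESERVED marker says nothing about whether the number itself is right.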
@@ -8,6 +59,7 @@
CVE-2016-6133
RESERVED
CVE-2016-6153 [SQLite Tempdir Selection Vulnerability]
+ RESERVED
- sqlite3 3.13.0-1
[jessie] - sqlite3 <no-dsa> (Minor issue, can be fixed via pu)
NOTE: http://www.sqlite.org/cgi/src/info/67985761aa93fb61
@@ -542,8 +594,7 @@
[jessie] - nescc <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
NOTE: Patches (under review): https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html
-CVE-2016-6130
- RESERVED
+CVE-2016-6130 (Race condition in the sclp_ctl_ioctl_sccb function in ...)
{DSA-3616-1}
- linux 4.6.1-1
NOTE: Fixed by: https://git.kernel.org/linus/532c34b5fbf1687df63b3fcd5b2846312ac943c6
@@ -622,10 +673,10 @@
CVE-2016-5851 [XXE]
RESERVED
NOT-FOR-US: python-docx
-CVE-2016-5849
- RESERVED
-CVE-2016-5848
- RESERVED
+CVE-2016-5849 (Siemens SICAM PAS through 8.07 allows local users to obtain sensitive ...)
+ TODO: check
+CVE-2016-5848 (Siemens SICAM PAS before 8.07 does not properly restrict password data ...)
+ TODO: check
CVE-2016-5847
RESERVED
CVE-2016-5846
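Review bot: CVE-2016-5849 and CVE-2016-5848 describe Siemens SICAM PAS, a vendor product, so `TODO: check` is the correct output for an automatic update but not a final state. Unless a Debian package ships that software, the triager should resolve both to a `NOT-FOR-US:` marker, the way the ABB PCM600 entry (CVE-2016-4511) is handled elsewhere in this diff.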
@@ -1033,8 +1084,7 @@
RESERVED
CVE-2016-5740
RESERVED
-CVE-2016-5739 [PMASA-2016-28: Referrer leak in transformations]
- RESERVED
+CVE-2016-5739 (The Transformation implementation in phpMyAdmin 4.0.x before ...)
- phpmyadmin 4:4.6.3-1
CVE-2016-5738
RESERVED
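Review bot: replacing the bracketed local description of CVE-2016-5739 with the truncated MITRE text drops the `PMASA-2016-28` advisory identifier, which was the only pointer to the upstream advisory in this entry. Other phpMyAdmin entries in this file keep that link as a NOTE line (for example `NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/` under CVE-2016-5099), so a line of the form `NOTE: https://www.phpmyadmin.net/security/PMASA-2016-28/` should be added here so the cross-reference survives the rewrite.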
@@ -1042,20 +1092,15 @@
RESERVED
CVE-2016-5735
RESERVED
-CVE-2016-5734 [PMASA-2016-27: Unsafe handling of preg_replace parameters]
- RESERVED
+CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5733 [PMASA-2016-26: Multiple XSS vulnerabilities]
- RESERVED
+CVE-2016-5733 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5732 [PMASA-2016-25: XSS in partition range functionality]
- RESERVED
+CVE-2016-5732 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5731 [PMASA-2016-24: XSS through FPD]
- RESERVED
+CVE-2016-5731 (Cross-site scripting (XSS) vulnerability in examples/openid.php in ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5730 [PMASA-2016-23: Multiple full path disclosure vulnerabilities]
- RESERVED
+CVE-2016-5730 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
- phpmyadmin 4:4.6.3-1
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5742 [SQL injection in MovableType xml-rpc interface]
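Review bot: five upstream advisory identifiers (PMASA-2016-23 through PMASA-2016-27) disappear in this region when the bracketed descriptions of CVE-2016-5730 through CVE-2016-5734 are replaced by truncated MITRE text, and none of these entries carries a NOTE line pointing at the advisory. Suggest one `NOTE: https://www.phpmyadmin.net/security/PMASA-2016-NN/` line per entry, matching the form already used under CVE-2016-5098 and CVE-2016-5099, so the fix in 4:4.6.3-1 stays traceable to the advisory that describes it.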
@@ -1120,24 +1165,18 @@
RESERVED
CVE-2016-5707
RESERVED
-CVE-2016-5706 [PMASA-2016-22: DOS attack]
- RESERVED
+CVE-2016-5706 (js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5705 [PMASA-2016-21: Multiple XSS vulnerabilities]
- RESERVED
+CVE-2016-5705 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5704 [PMASA-2016-20: XSS on table structure page]
- RESERVED
+CVE-2016-5704 (Cross-site scripting (XSS) vulnerability in the table-structure page ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5703 [PMASA-2016-19: SQL injection attack]
- RESERVED
+CVE-2016-5703 (SQL injection vulnerability in libraries/central_columns.lib.php in ...)
- phpmyadmin 4:4.6.3-1
-CVE-2016-5702 [PMASA-2016-18: Cookie attribute injection attack]
- RESERVED
+CVE-2016-5702 (phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF ...)
- phpmyadmin 4:4.6.3-1
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
-CVE-2016-5701 [PMASA-2016-17: BBCode injection vulnerability]
- RESERVED
+CVE-2016-5701 (setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, ...)
- phpmyadmin 4:4.6.3-1
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5700
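Review bot: the same class of information loss applies to CVE-2016-5701 through CVE-2016-5706, where the bracketed PMASA-2016-17 to PMASA-2016-22 identifiers are overwritten by truncated MITRE text and no NOTE line records the advisory. This matters most for the two entries with `[wheezy] - phpmyadmin <no-dsa> (Minor issue)` (CVE-2016-5701 and CVE-2016-5702), since a later reviewer re-evaluating the wheezy decision needs the advisory to judge severity; add a `NOTE:` line with the PMASA URL for each, as done for CVE-2016-5098 and CVE-2016-5099 elsewhere in this file.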
@@ -2640,8 +2679,8 @@
TODO: check
CVE-2016-5229
RESERVED
-CVE-2016-5228
- RESERVED
+CVE-2016-5228 (Stack-based buffer overflow in the PlayMacro function in ...)
+ TODO: check
CVE-2016-5227
RESERVED
CVE-2016-5226
@@ -3057,19 +3096,16 @@
TODO: check
CVE-2016-5100
RESERVED
-CVE-2016-5099
- RESERVED
+CVE-2016-5099 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before ...)
- phpmyadmin 4:4.6.2-1
[jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/
-CVE-2016-5098
- RESERVED
+CVE-2016-5098 (Directory traversal vulnerability in libraries/error_report.lib.php in ...)
- phpmyadmin <not-affected> (Only affected git versions but not released versions, cf. PMASA-2016-15)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-15/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2dc9481d2af25b035778c67eaf0bfd2d2c59dd8
-CVE-2016-5097
- RESERVED
+CVE-2016-5097 (phpMyAdmin before 4.6.2 places tokens in query strings and does not ...)
- phpmyadmin 4:4.6.2-1
[jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
@@ -3239,13 +3275,11 @@
RESERVED
CVE-2016-4999
RESERVED
-CVE-2016-4998 [out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt]
- RESERVED
+CVE-2016-4998 (The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter ...)
{DSA-3607-1}
- linux 4.6.2-2
NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
-CVE-2016-4997 [Corrupted offset allows for arbitrary decrements in compat IPT_SO_SET_REPLACE setsockopt]
- RESERVED
+CVE-2016-4997 (The compat IPT_SO_SET_REPLACE setsockopt implementation in the ...)
{DSA-3607-1}
- linux 4.6.2-2
NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
@@ -3577,36 +3611,31 @@
RESERVED
CVE-2016-4958
RESERVED
-CVE-2016-4957
- RESERVED
+CVE-2016-4957 (ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial ...)
- ntp 1:4.2.8p8+dfsg-1
[jessie] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
[wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3046
-CVE-2016-4956
- RESERVED
+CVE-2016-4956 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...)
- ntp 1:4.2.8p8+dfsg-1
[jessie] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
[wheezy] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3042
-CVE-2016-4955
- RESERVED
+CVE-2016-4955 (ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...)
- ntp 1:4.2.8p8+dfsg-1
[jessie] - ntp <no-dsa> (Minor issue)
[wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3043
-CVE-2016-4954
- RESERVED
+CVE-2016-4954 (The process_packet function in ntp_proto.c in ntpd in NTP 4.x before ...)
- ntp 1:4.2.8p8+dfsg-1
[jessie] - ntp <no-dsa> (Minor issue)
[wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3044
-CVE-2016-4953
- RESERVED
+CVE-2016-4953 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...)
- ntp 1:4.2.8p8+dfsg-1
[jessie] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
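Review bot: the fragment `#June_2016_ntp_4_2_8p8_NTP_Securi` on the SecurityNotice NOTE line looks truncated (it ends mid-word) and is repeated verbatim under all five entries, CVE-2016-4953 through CVE-2016-4957, so it was most likely copied once and propagated. Either verify that the anchor resolves on the upstream page or drop the fragment, since the per-bug `NtpBug304x` links already provide the precise reference; the `<not-affected>` reasoning that the CVE-2016-1547/CVE-2016-1548 fixes were never backported to jessie and wheezy is consistent across the entries and needs no change.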
@@ -4530,8 +4559,8 @@
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
-CVE-2016-4560
- RESERVED
+CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere allows ...)
+ TODO: check
CVE-2016-4559
RESERVED
CVE-2016-4552
@@ -4688,14 +4717,14 @@
TODO: check
CVE-2016-4513 (Cross-site scripting (XSS) vulnerability in the Schneider Electric ...)
TODO: check
-CVE-2016-4512
- RESERVED
+CVE-2016-4512 (Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 ...)
+ TODO: check
CVE-2016-4511 (ABB PCM600 before 2.7 uses an improper hash algorithm for the main ...)
NOT-FOR-US: ABB PCM600
CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
TODO: check
-CVE-2016-4509
- RESERVED
+CVE-2016-4509 (Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and ...)
+ TODO: check
CVE-2016-4508
RESERVED
CVE-2016-4507
@@ -5057,8 +5086,7 @@
RESERVED
CVE-2016-4466
RESERVED
-CVE-2016-4465
- RESERVED
+CVE-2016-4465 (The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and ...)
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1 and 2.5)
NOTE: https://struts.apache.org/docs/s2-041.html
CVE-2016-4464
@@ -5162,8 +5190,7 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
-CVE-2016-4438
- RESERVED
+CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows ...)
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-037.html
CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been configured ...)
@@ -5179,18 +5206,15 @@
RESERVED
- tika <unfixed> (bug #825501)
[jessie] - tika <no-dsa> (Minor issue, no standard alone package, just a reverse dependency of jmeter)
-CVE-2016-4433
- RESERVED
+CVE-2016-4433 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to ...)
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-039.html
CVE-2016-4432 (The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid ...)
NOT-FOR-US: Apache Qpid Java Broker
-CVE-2016-4431
- RESERVED
+CVE-2016-4431 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to ...)
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-040.html
-CVE-2016-4430
- RESERVED
+CVE-2016-4430 (Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, ...)
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-038.html
CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in ...)
@@ -6233,8 +6257,7 @@
- quagga <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770619
NOTE: World readable files in /etc/quagga as well in Debian
-CVE-2016-3955 [remote buffer overflow in usbip]
- RESERVED
+CVE-2016-3955 (The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.2-1
NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
@@ -6408,10 +6431,10 @@
- tiff3 <removed> (unimportant)
NOTE: src:tiff3: built binary packages do not contain the TIFF tools
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2544
-CVE-2016-3989
- RESERVED
-CVE-2016-3988
- RESERVED
+CVE-2016-3989 (The NTP time-server interface on Meinberg IMS-LANTIME M3000, ...)
+ TODO: check
+CVE-2016-3988 (Multiple stack-based buffer overflows in the NTP time-server interface ...)
+ TODO: check
CVE-2016-3987 (The HTTP server in Trend Micro Password Manager allows remote web ...)
NOT-FOR-US: Trend Micro
CVE-2016-3986 (Avast allows remote attackers to cause a denial of service (memory ...)
@@ -6580,8 +6603,8 @@
RESERVED
- cronic 3-1 (bug #820331)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
-CVE-2016-3962
- RESERVED
+CVE-2016-3962 (Stack-based buffer overflow in the NTP time-server interface on ...)
+ TODO: check
CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.2-1
@@ -6592,8 +6615,7 @@
NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957
RESERVED
-CVE-2016-3956
- RESERVED
+CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ...)
- npm <undetermined>
TODO: check
CVE-2016-3954
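Review bot: CVE-2016-3956 is left at `- npm <undetermined>` with an open `TODO: check`, but the MITRE text now states the affected ranges (npm before 2.15.1 and 3.x before 3.8.3), which is enough to settle the status by comparing against the npm version packaged in Debian. The `<undetermined>` marker and the TODO should be resolved together rather than left standing next to the new description.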
@@ -8644,8 +8666,7 @@
CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
NOTE: https://struts.apache.org/docs/s2-034.html
-CVE-2016-3092
- RESERVED
+CVE-2016-3092 (The MultipartStream class in Apache Commons Fileupload before 1.3.2, ...)
{DSA-3614-1 DSA-3611-1 DSA-3609-1 DLA-529-1 DLA-528-1}
- libcommons-fileupload-java 1.3.2-1
- tomcat7 7.0.70-1
@@ -9034,8 +9055,8 @@
RESERVED
CVE-2016-2969
RESERVED
-CVE-2016-2968
- RESERVED
+CVE-2016-2968 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows ...)
+ TODO: check
CVE-2016-2967
RESERVED
CVE-2016-2966
@@ -9048,8 +9069,8 @@
RESERVED
CVE-2016-2962
RESERVED
-CVE-2016-2961
- RESERVED
+CVE-2016-2961 (The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 ...)
+ TODO: check
CVE-2016-2960
RESERVED
CVE-2016-2959
@@ -9182,8 +9203,8 @@
RESERVED
CVE-2016-2895
RESERVED
-CVE-2016-2894
- RESERVED
+CVE-2016-2894 (IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 ...)
+ TODO: check
CVE-2016-2893
RESERVED
CVE-2016-2892
@@ -9204,10 +9225,10 @@
RESERVED
CVE-2016-2884
RESERVED
-CVE-2016-2883
- RESERVED
-CVE-2016-2882
- RESERVED
+CVE-2016-2883 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application ...)
+ TODO: check
+CVE-2016-2882 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
+ TODO: check
CVE-2016-2881
RESERVED
CVE-2016-2880
@@ -9226,30 +9247,30 @@
RESERVED
CVE-2016-2873
RESERVED
-CVE-2016-2872
- RESERVED
+CVE-2016-2872 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...)
+ TODO: check
CVE-2016-2871
RESERVED
-CVE-2016-2870
- RESERVED
+CVE-2016-2870 (Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances ...)
+ TODO: check
CVE-2016-2869
RESERVED
-CVE-2016-2868
- RESERVED
-CVE-2016-2867
- RESERVED
+CVE-2016-2868 (IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote ...)
+ TODO: check
+CVE-2016-2867 (IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 ...)
+ TODO: check
CVE-2016-2866
RESERVED
CVE-2016-2865
RESERVED
CVE-2016-2864
RESERVED
-CVE-2016-2863
- RESERVED
-CVE-2016-2862
- RESERVED
-CVE-2016-2861
- RESERVED
+CVE-2016-2863 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
+ TODO: check
+CVE-2016-2862 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
+ TODO: check
+CVE-2016-2861 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before ...)
+ TODO: check
CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 ...)
{DSA-3569-1 DLA-493-1}
- openafs 1.6.17-1
@@ -12355,14 +12376,14 @@
NOT-FOR-US: F5 BIG-IP
CVE-2016-2083
RESERVED
-CVE-2016-2082
- RESERVED
-CVE-2016-2081
- RESERVED
+CVE-2016-2082 (Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log ...)
+ TODO: check
+CVE-2016-2081 (Cross-site scripting (XSS) vulnerability in VMware vRealize Log ...)
+ TODO: check
CVE-2016-2080
RESERVED
-CVE-2016-2079
- RESERVED
+CVE-2016-2079 (VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge ...)
+ TODO: check
CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware ...)
NOT-FOR-US: VMware
CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before ...)
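Review bot: CVE-2016-2082, CVE-2016-2081 and CVE-2016-2079 receive `TODO: check` while the surrounding VMware entries in the same hunk (CVE-2016-2078, CVE-2016-2077 and CVE-2016-2075) are already `NOT-FOR-US: VMware`. vRealize Log Insight and NSX Edge are VMware appliance products, not Debian packages, so these three can be triaged to the same `NOT-FOR-US: VMware` marker instead of staying in the TODO queue.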
@@ -12371,8 +12392,7 @@
NOT-FOR-US: VMware
CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business ...)
NOT-FOR-US: VMware vRealize Business Advanced and Enterprise
-CVE-2016-2074 [MPLS buffer overflow]
- RESERVED
+CVE-2016-2074 (Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x ...)
{DSA-3533-1}
- openvswitch 2.3.0+git20140819-4
[wheezy] - openvswitch <not-affected> (Affects only 2.2.x and later)
@@ -13662,8 +13682,7 @@
RESERVED
CVE-2016-1705
RESERVED
-CVE-2016-1704
- RESERVED
+CVE-2016-1704 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1703 (Multiple unspecified vulnerabilities in Google Chrome before ...)
@@ -14100,8 +14119,8 @@
RESERVED
CVE-2016-1607
RESERVED
-CVE-2016-1606
- RESERVED
+CVE-2016-1606 (Multiple stack-based buffer overflows in COM objects in Micro Focus ...)
+ TODO: check
CVE-2016-1605
RESERVED
CVE-2016-1604
@@ -14621,10 +14640,10 @@
RESERVED
CVE-2016-1442
RESERVED
-CVE-2016-1441
- RESERVED
-CVE-2016-1440
- RESERVED
+CVE-2016-1441 (Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco ...)
+ TODO: check
+CVE-2016-1440 (The proxy process on Cisco Web Security Appliance (WSA) devices ...)
+ TODO: check
CVE-2016-1439 (Cross-site scripting (XSS) vulnerability in the management interface ...)
TODO: check
CVE-2016-1438 (Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices ...)
@@ -14653,8 +14672,8 @@
TODO: check
CVE-2016-1426
RESERVED
-CVE-2016-1425
- RESERVED
+CVE-2016-1425 (Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S ...)
+ TODO: check
CVE-2016-1424 (Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause ...)
TODO: check
CVE-2016-1423
@@ -14671,8 +14690,7 @@
TODO: check
CVE-2016-1417
RESERVED
-CVE-2016-1416
- RESERVED
+CVE-2016-1416 (Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) ...)
NOT-FOR-US: Cisco Prime
CVE-2016-1415
RESERVED
@@ -14688,8 +14706,8 @@
NOT-FOR-US: Cisco
CVE-2016-1409 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
NOT-FOR-US: Cisco
-CVE-2016-1408
- RESERVED
+CVE-2016-1408 (Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable ...)
+ TODO: check
CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services ...)
NOT-FOR-US: Cisco
CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...)
@@ -14708,16 +14726,15 @@
NOT-FOR-US: Cisco
CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...)
NOT-FOR-US: Cisco
-CVE-2016-1398
- RESERVED
+CVE-2016-1398 (Buffer overflow in the web-based management interface on Cisco RV110W ...)
+ TODO: check
CVE-2016-1397 (Buffer overflow in the web-based management interface on Cisco RV110W ...)
TODO: check
CVE-2016-1396 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
TODO: check
CVE-2016-1395 (The web-based management interface on Cisco RV110W devices with ...)
TODO: check
-CVE-2016-1394
- RESERVED
+CVE-2016-1394 (Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded ...)
NOT-FOR-US: Cisco Firepower System Software
CVE-2016-1393 (SQL injection vulnerability in Cisco Cloud Network Automation ...)
TODO: check
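Review bot: the truncated description added for CVE-2016-1398 is identical, up to the `...`, to the existing one for CVE-2016-1397 (`Buffer overflow in the web-based management interface on Cisco RV110W ...`), so whatever distinguishes the two issues lies past the truncation. Whoever resolves these TODOs should read the full MITRE entries before marking both, to confirm they are separate flaws rather than a duplicate; CVE-2016-1394 in the same hunk already carries `NOT-FOR-US: Cisco Firepower System Software` and needs no further action.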
@@ -14839,10 +14856,10 @@
TODO: check
CVE-2016-1338 (Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 ...)
NOT-FOR-US: Cisco
-CVE-2016-1337
- RESERVED
-CVE-2016-1336
- RESERVED
+CVE-2016-1337 (Cisco EPC3928 devices allow remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2016-1336 (goform/Docsis_system on Cisco EPC3928 devices allows remote attackers ...)
+ TODO: check
CVE-2016-1335 (The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x ...)
NOT-FOR-US: Cisco StarOS
CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmware ...)
@@ -14857,8 +14874,8 @@
NOT-FOR-US: Cisco IOS
CVE-2016-1329 (Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and ...)
NOT-FOR-US: Cisco Nexus
-CVE-2016-1328
- RESERVED
+CVE-2016-1328 (goform/WClientMACList on Cisco EPC3928 devices allows remote attackers ...)
+ TODO: check
CVE-2016-1327 (Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices ...)
NOT-FOR-US: Cisco
CVE-2016-1326 (The administration interface on Cisco DPQ3925 devices with firmware r1 ...)
@@ -14935,8 +14952,7 @@
TODO: check
CVE-2016-1290 (The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and ...)
TODO: check
-CVE-2016-1289
- RESERVED
+CVE-2016-1289 (The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved ...)
NOT-FOR-US: Cisco Prime
CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x ...)
NOT-FOR-US: Cisco Web Security Appliance
@@ -15508,10 +15524,10 @@
TODO: check
CVE-2016-1229 (Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 ...)
TODO: check
-CVE-2016-1228
- RESERVED
-CVE-2016-1227
- RESERVED
+CVE-2016-1228 (Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari ...)
+ TODO: check
+CVE-2016-1227 (NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and ...)
+ TODO: check
CVE-2016-1226 (Cross-site scripting (XSS) vulnerability in Trend Micro Internet ...)
TODO: check
CVE-2016-1225 (Trend Micro Internet Security 8 and 10 allows remote attackers to read ...)
@@ -15600,8 +15616,7 @@
RESERVED
CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through ...)
TODO: check
-CVE-2016-1182 [Improper input validation in Validator]
- RESERVED
+CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
NOTE: https://jvn.jp/en/jp/JVN65044642/
@@ -15610,8 +15625,7 @@
NOTE: condition two can be fixed by the following patch:
NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
NOTE: but as this completely deactivates multipart requests, this should not be generally applied
-CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory]
- RESERVED
+CVE-2016-1181 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
NOTE: https://jvn.jp/en/jp/JVN03188560/
@@ -16513,8 +16527,7 @@
NOT-FOR-US: RSA Authentication Manager
CVE-2016-0900 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication ...)
NOT-FOR-US: RSA Authentication Manager
-CVE-2016-0899
- RESERVED
+CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated ...)
NOT-FOR-US: RSA Archer GRC Platform
CVE-2016-0898
RESERVED
@@ -18275,12 +18288,12 @@
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (v4.4-rc1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284450
NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/1
-CVE-2016-0400
- RESERVED
-CVE-2016-0399
- RESERVED
-CVE-2016-0398
- RESERVED
+CVE-2016-0400 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 ...)
+ TODO: check
+CVE-2016-0399 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
+CVE-2016-0398 (IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers ...)
+ TODO: check
CVE-2016-0397
RESERVED
CVE-2016-0396
@@ -18293,18 +18306,18 @@
RESERVED
CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 ...)
TODO: check
-CVE-2016-0391
- RESERVED
+CVE-2016-0391 (The IBM Watson Developer Cloud services on Bluemix platforms do not ...)
+ TODO: check
CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One ...)
TODO: check
CVE-2016-0389
RESERVED
CVE-2016-0388
RESERVED
-CVE-2016-0387
- RESERVED
-CVE-2016-0386
- RESERVED
+CVE-2016-0387 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application ...)
+ TODO: check
+CVE-2016-0386 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...)
+ TODO: check
CVE-2016-0385
RESERVED
CVE-2016-0384
@@ -18357,8 +18370,8 @@
RESERVED
CVE-2016-0360
RESERVED
-CVE-2016-0359
- RESERVED
+CVE-2016-0359 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
+ TODO: check
CVE-2016-0358
RESERVED
CVE-2016-0357
@@ -18383,8 +18396,8 @@
RESERVED
CVE-2016-0347
RESERVED
-CVE-2016-0346
- RESERVED
+CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
+ TODO: check
CVE-2016-0345
RESERVED
CVE-2016-0344
@@ -18633,8 +18646,8 @@
RESERVED
CVE-2016-0222 (IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote ...)
NOT-FOR-US: IBM
-CVE-2016-0221
- RESERVED
+CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in ...)
+ TODO: check
CVE-2016-0220
RESERVED
CVE-2016-0219
@@ -23580,8 +23593,8 @@
NOT-FOR-US: Apple
CVE-2015-7030 (The Swift implementation in Apple Xcode before 7.1 mishandles type ...)
TODO: check
-CVE-2015-7029
- RESERVED
+CVE-2015-7029 (Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before ...)
+ TODO: check
CVE-2015-7028
RESERVED
CVE-2015-7027
@@ -23797,8 +23810,8 @@
TODO: check
CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify ...)
NOT-FOR-US: VMware
-CVE-2015-6931
- RESERVED
+CVE-2015-6931 (Cross-site scripting (XSS) vulnerability in the vSphere Web Client in ...)
+ TODO: check
CVE-2015-8871 [Use-after-free in opj_j2k_write_mco]
RESERVED
- openjpeg2 <unfixed> (bug #800149)
@@ -27187,8 +27200,8 @@
RESERVED
CVE-2015-5665 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE ...)
TODO: check
-CVE-2015-5664
- RESERVED
+CVE-2015-5664 (Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS ...)
+ TODO: check
CVE-2015-5663 (The file-execution functionality in WinRAR before 5.30 beta 5 allows ...)
TODO: check
CVE-2015-5662 (Directory traversal vulnerability in Avast before 150918-0 allows ...)
@@ -42248,8 +42261,7 @@
NOT-FOR-US: WordPress duwasai flashy theme
CVE-2015-0900 (Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi ...)
NOT-FOR-US: Nishishi Factory
-CVE-2015-0899 [input validation bypass in MultiPageValidator]
- RESERVED
+CVE-2015-0899 (The MultiPageValidator implementation in Apache Struts 1 1.1 through ...)
{DSA-3536-1 DLA-292-1}
- libstruts1.2-java <removed>
NOTE: Patch in SuSE Bugzilla: https://bugzilla.novell.com/attachment.cgi?id=629559